<?php
// your database connection script

	require_once('execute/inc/config.inc');
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	}
	
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		die("Unable to select database");
	}
 
// post the form variables with mysql escaping
$email = mysql_real_escape_string($_POST['email']);
 
// query the db for the user's account info.
// you will put your own table name in, of course
$sql = "SELECT email FROM perm_members WHERE email = '$email'";
$result = mysql_query($sql);
 
// if the user's info is not found, then they get a failure message
if(!result){
echo "Log in credentials not valid.";
exit;
}
 
// if the user is found in the db, we continue
else {
 
// include the random password generator script 
include('randomPass.php');
 
 
// the generator script produces a random 7 character 
// password named $random_chars
// we first want to have a variable ($passwd) that we can 
// pass to the email we send
// then we give $random_chars a value of $password, and we encrypt 
// it using sha1
 
$passwd = $random_chars; 
$password = md5($random_chars);

// next we update the user's password with the new encrypted password
// of course, you will want to make sure that the password field in 
// your db is set to at least 40 characters and varchar
 
$sql = "UPDATE perm_members SET password = '$password'
WHERE email = '$email' ";
$sql2 = mysql_query("SELECT * FROM perm_members WHERE email='$email'");
$row2 = mysql_fetch_array($sql2); 
$result = @mysql_query($sql,$link);
if(!$result) {
echo "Password update failed.". $mysql_error();
 
// you can comment out the above echo after testing
// if there are no updating problems, you can take out the if/else 
// in this portion
// send email to user's account email, giving them their new 
// temporary password. 
// be sure to change the info inside to your own
}
else {
$to = "$email";
$subject = "Password Reset";
$body = "Dear ". $row2['firstname'] ." ".$row2['lastname'].",\n \n
You or someone else with your email address has requested 
to reset your password. Your temporary password is $passwd. \n \n 
Please go to http://edu.technation.af/login.php and login to your profile.\n\n 
Regards,\n 
TechNation";
$additionalheaders = "From: info@technation.af";
mail($to, $subject, $body, $additionalheaders);
if(mail){
	header("Location: login.php?repass=success");
}
else{
	echo "Email not sent";
} // end if update failed
} // end if mail
} // close else 
 ?>